Release of FedRAMP Incident Communications Procedures
April 15 | 2021
The Federal Risk and Authorization Management Program (FedRAMP) recently updated the FedRAMP Incident Communications Procedures document. This document provides step-by-step guidance on both the roles and responsibilities of each FedRAMP stakeholder and the appropriate timeframes for reporting information concerning security incidents. Updates to this document include response to CISA Emergency Directives .
Clear and timely incident communications to relevant stakeholders are a key aspect of the continuous monitoring phase for authorized FedRAMP service offerings. This ensures that all incident handling is transparent and that all stakeholders are aware of the current status and remediation efforts.
Prior to releasing the updated version, the document was reviewed by multiple federal government stakeholders to ensure the steps were clear, accurate, and consistent with federal security policy and governance. If you have any questions about this guidance document, please reach out to info@fedramp.gov.